Internet resources, and in particular web applications, are often developed with fields which can be altered or abused by those accessing a resource. However, the resource developer may assume that the resource is unalterable or secret (unpredictable or incapable of being guessed). These fields can include, for example, cookies, hidden inputs on forms and Uniform Resource Locators (“URLs”).
Many Internet applications, such as web sites and other corporate resources, can be infiltrated using only a text editor. Exemplary Internet attacks that exploit misplaced trust in client data include cookie tampering, parameter tampering, hidden field manipulation, stealth commanding, forceful browsing, Structured Query Language (SQL) injection, overflow attacks, and others application level attacks.
Current solutions to prevent field tampering exist in the form of software that monitors all traffic going to and from an Internet application. Based on a comprehensive rule set that identifies normal application use, existing products infer session information and analyze all Hypertext Transfer Protocol (“HTTP”) packets by putting all packets through a rule engine that represents the web application state machine. A rule set maintained by the rule engine mirrors the complexity of the web application and is derived using either explicit configuration or a “learning mode” which attempts to generate the state machine by observing presumably “correct” behavior.
Existing solutions have significant drawbacks, however, in terms of configuration complexity, scalability, performance and accuracy. Every web site or web application has a different set of rules that must be learned or configured into the system. Changes to the web site may cause the rule set to be rendered invalid and can require reconfiguration or relearning of a new rule set. The complexity of the rules also requires significant CPU capacity and memory to process each web transaction.
For the foregoing reasons, a need exists for a method, system and software for state signing to determine whether fields in a web page or other Internet resource have been altered or abused.